Hack Google for Cash

Receive the latest press-here updates in your inbox

Google has decided that hackers could probably be better at finding its security vulnerabilities than its own engineers and has launched a reward program that pays up to $3,100 for each security flaw found.

The tech titan announced its expansion of its Patch Rewards program, which will enable hackers to find any security bugs in Google's properties including Android. "The goal is very simple: to recognize and reward proactive security improvements to third-party open-source projects that are vital to the health of the entire Internet," according to Michal Zalewski of the Google Security Team.

Those looking to make a little cash on the side (the bounty for each bug ranges from $500 to $3,133.70) should be looking at these projects:

Security-critical, commonly used components of the Linux kernel (including KVM)

All the open-source components of Android: Android Open Source Project

Widely used web servers: Apache httpd, lighttpd, nginx

Popular mail delivery services: Sendmail, Postfix, Exim, Dovecot

Virtual private networking: OpenVPN

Network time: University of Delaware NTPD

Additional core libraries: Mozilla NSS, libxml2

Toolchain security improvements for GCC, binutils, and llvm

Of course, there are rules, and they tend to be very specific, including how hackers must notify Google "maintainers" in order to be paid. Google is hoping that cash can crowdsource a solution to its security bugs, and in the meantime give bored hackers an incentive to help out.